Re: loopback device

From: Craig Van Tassle (craig@ambrosa.dns04.com)
Date: 01/17/02


Date: Thu, 17 Jan 2002 14:18:12 -0600
From: Craig Van Tassle <craig@ambrosa.dns04.com>
To: leon <leon@inyc.com>


Ok The port was a typeo. but do you think that my computer could be compromised or this could just be a mis-configuration on my computer or a atempt at a hack?How is it that my computer is catcheing this loopback traffic? could someone be bouncing off my computer or what?

Thanks
Craig
 
On Thu, Jan 17, 2002 at 02:11:15PM -0500, leon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What do you mean by what program is running on this port? I am not
> sure if you consider the loop back address a port as much as what it
> is (ie; a loopback address). I don't know if you can bind running
> process to the loopback addy. Even if you possibly could, an
> attacker never would because you would be unable to route traffic to
> it.
>
> HTH,
>
> Leon
>
> - -----Original Message-----
> From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> Sent: Tuesday, January 15, 2002 2:35 PM
> To: secuirty-basics
> Subject: Re: loopback device
>
> My loop back is supposed to be 127.0.0.1.. at least that is what my
> ifconfig shows me.. and i have no idea what program is running on
> that port.
> Do you think that i could have a possible intrusin?
>
> Thanks
> Craig
>
> On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
> > No, you can't bypass the firewall using the loopback interface.
> > Whats interesting though is the IP address they're using... usually
> > loopback is 127.0.0.1 and the port number, 5460 isn't assigned to
> > anyone so what program is running?
> >
> > -----Original Message-----
> > From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> > Sent: Monday, January 14, 2002 8:48 AM
> > To: secuirty-basics
> > Subject: loopback device
> >
> >
> > Is it possible for someone over a network to use my loopback to by
> > pass my firewall? If so what can i do to mitigate the problem and
> > how damageing can it be?
> >
> > The reason im asking is my Snort sytem is showing badd loopback
> > traffic.. thanks
> >
> > here is a snipit from my snort logs.
> >
> > [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
> > [Classification: Potentially Bad Traffic] [Priority: 2]
> > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
> > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
> > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
> >
> > Thanks
> > Craig
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPEchztqAgf0xoaEuEQJ4TACfeH/voSSUxDHrssH2yxJzHMZwmBcAnAlF
> 0A9v/M5EMTD2QQeYsszeN2Dq
> =tCcQ
> -----END PGP SIGNATURE-----
>






Relevant Pages

  • Re: Sockets, port and loop-back ?
    ... You mean the loopback network interface? ... > In the case that my in & out to the network is via my serial port ...
    (comp.os.linux.networking)
  • Re: SendMail sending garbage mails
    ... machine and blocked incoming packtes for other ports ... except 25 port and 110 ... but not blocked loopback do u feel this problem is ...
    (RedHat)
  • Re: TCP connection to MAC address
    ... All it is doing is emulating the loopback address by setting a default IP, and hitting it on a specific port as a sort of "secret knock" to unlocking the web interface to the configuration manager. ... Perhaps is should have posted in a networking group? ... For remotely configuring it, I would definitely use a specific address on your range in the event that you will be simultaneously configuring multiple of these devices on the same network. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: BizTalk 2004 :: HTTP req-resp :: loopback checkbox with slow performance
    ... The Loopback option allows you do execute maps/pipelines and get a response ... with no send port or orchestration subscription present - it isn't related ... Have you considered a one-way receive port? ...
    (microsoft.public.biztalk.general)
  • RE: loopback device
    ... What do you mean by what program is running on this port? ... process to the loopback addy. ... My loop back is supposed to be 127.0.0.1.. ... > The reason im asking is my Snort sytem is showing badd loopback ...
    (Security-Basics)